
<!--
   Licensed to the Apache Software Foundation (ASF) under one or more
   contributor license agreements.  See the NOTICE file distributed with
   this work for additional information regarding copyright ownership.
   The ASF licenses this file to You under the Apache License, Version 2.0
   (the "License"); you may not use this file except in compliance with
   the License.  You may obtain a copy of the License at
 
        http://www.apache.org/licenses/LICENSE-2.0
 
   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
-->



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
  <HEAD>
    <TITLE>Apache FtpServer - TLS-SSL Support</TITLE>
    <META http-equiv="Content-Type" content="text/html;charset=UTF-8">
    <LINK type="text/css" rel="stylesheet" href="http://mina.apache.org/index.data/style.css">
    <SCRIPT type="text/javascript" language="javascript">
      function init() {
        /* Search form initialization */
        var form = document.forms['googleSearch'];
        if (form != null) {
          form.elements['domains'].value = location.hostname;
          form.elements['sitesearch'].value = location.hostname;
        }

      }
    </SCRIPT>
  </HEAD>
  <BODY onload="init()">
    <DIV id="PageContent" style="padding-bottom: 0px;">
      <DIV class="pageheader" style="padding: 6px 0px 0px 0px;">
        <DIV id="apacheLogo" style="width: 100%; text-align: right; position: absolute; top: 33px;">
          <A href="http://www.apache.org/"><IMG src="http://www.apache.org/images/asf-logo.gif" border="0" alt="The Apache Software Foundation" title="The Apache Software Foundation" hspace="12"></A>
        </DIV>
        <DIV id="minaLogo" style="position: absolute; top: 24px; left: 16px;">
          <A href="http://mina.apache.org/ftpserver"><IMG src="http://mina.apache.org/ftpserver/index.data/logo-300x95.png" border="0" alt="Apache FtpServer" title="Apache FtpServer"></A>
        </DIV>
        <DIV class="greynavbar" style="margin: 156px 0px 0px 0px;">
          <TABLE border="0" cellpadding="2" cellspacing="0" width="100%" style="position: relative; z-index: 10;">
            <TR>
              <TD align="left" valign="middle" align="left" style="padding-left: 17px;" width="100%" nowrap="">
              </TD>
              <TD align="right" valign="middle" nowrap="">
              </TD>
              <TD align="right" valign="middle" style="padding-right: 8px;" nowrap="">
              </TD>
            </TR> 
          </TABLE>
        </DIV>
      </DIV>
      <DIV id="pageBody" style="clear: both;">
        <TABLE border="0" cellpadding="0" cellspacing="0" width="100%">
          <TR>
            <TD width="192" valign="top" nowrap="">
              <DIV style="padding: 0px 8px 16px 20px;">
                
                                                                                                                    </DIV>
            </TD>
            <TD width="100%" valign="top">
              <DIV class="pagecontent">
                <H1 style="margin-top: 0px;">
                  TLS-SSL Support
                </H1>
                <DIV class="wiki-content">
                  <P>This document explains how to enable Apache FTP Server to use Transport Layer Security (TLS) for encrypted client-server communication.</P>

<P>FtpServer uses the Java Secure Sockets Extension (JSSE) infrastructure to provide TLS/SSL sockets. JSSE comes packaged with several vendor Java distributions (e.g. Sun Java 1.4.x, IBM Java 1.3.x). For these distributions, please follow the vendor-provided instructions for configuring the JVM to use JSSE services.</P>

<H2><A name="TLS-SSLSupport-Securitymode"></A>Security mode</H2>
<H3><A name="TLS-SSLSupport-ExplicitSecurity%28default%29"></A>Explicit Security (default)</H3>

<P>In this mode the server supports both secure and non-secure connections. Upon request from the client (AUTH SSL), the server switches to SSL/TLS mode.</P>

<P>In this case, the listener should not use implicit SSL. This is the default value:</P>
<DIV class="preformatted panel" style="border-width: 1px;"><DIV class="preformattedContent panelContent">
<PRE>&lt;nio-listener name=&quot;default&quot; implicit-ssl=&quot;false&quot;&gt;
</PRE>
</DIV></DIV>

<H3><A name="TLS-SSLSupport-ImplicitSecurity"></A>Implicit Security</H3>

<P>With <B>implicit</B> SSL, SSL is always enabled on the control socket. To use it, first tell the listener to use implicit SSL mode:</P>
<DIV class="preformatted panel" style="border-width: 1px;"><DIV class="preformattedContent panelContent">
<PRE>&lt;nio-listener name=&quot;default&quot; implicit-ssl=&quot;true&quot;&gt;
</PRE>
</DIV></DIV>

<P>If you set the listener to use implicit security, consider enabling implicit security for the data connection as well.</P>

<H3><A name="TLS-SSLSupport-Dataconnectionsecurity"></A>Data connection security</H3>
<P>An implicit secure listener does not ensure encrypted data transfer. To use SSL/TLS on the data connection, either the client has to send the &quot;PROT P&quot; command or implicit security must be enabled for the data connection:</P>

<DIV class="preformatted panel" style="border-width: 1px;"><DIV class="preformattedContent panelContent">
<PRE>&lt;data-connection implicit-ssl=&quot;true&quot;&gt;
</PRE>
</DIV></DIV>

<P>If no explicit configuration for SSL keystores and truststores is provided for the data connection, it will be inherited from the listener. This is the normal configuration.</P>

<P>Different FTP clients behave differently with regard to implicit security on the data connection: some assume an SSL-enabled socket, while others will always send a &quot;PROT P&quot; command. The following table shows the characteristics of some clients; please report others.</P>

<TABLE class="confluenceTable"><TBODY>
<TR>
<TH class="confluenceTh">FTP client</TH>
<TH class="confluenceTh"> Behavior </TH>
</TR>
<TR>
<TD class="confluenceTd"> FileZilla </TD>
<TD class="confluenceTd"> Sends &quot;PROT P&quot; command automatically in implicit security mode </TD>
</TR>
<TR>
<TD class="confluenceTd"> DartFTP/PowerTCP </TD>
<TD class="confluenceTd"> Assumes an SSL-enabled data connection, does not send &quot;PROT P&quot; </TD>
</TR>
</TBODY></TABLE>

<H3><A name="TLS-SSLSupport-Detailedconfiguration"></A>Detailed configuration</H3>
<P>Full documentation on all provided configuration is available on the <A href="listeners.html" title="Listeners">Listeners</A> page.</P>
                </DIV>
  
              </DIV>
            </TD>
          </TR>
        </TABLE>
        <DIV class="footer" style="text-align: center">
          Copyright &copy; 2004-2008, <A href="http://www.apache.org/">The Apache Software Foundation</A>
        </DIV>
      </DIV>
    </DIV>
  </BODY>
</HTML>
